A talk
given at the ALA/OITP Ebook Task Force preconference January 23, 2003

If you are of a certain
age you may remember when a library book had a pocket pasted inside the front
cover with a card in the pocket. When you wanted to check out the book you wrote
you library card number or perhaps your name on the card, which you handed in
to the librarian at the desk.

This card served - in a
very analog way - some of the same functions of the recommender systems that
we so appreciate today on web sites like amazon.com. By looking at the card
you could see how often the book had been checked out and therefore get an idea
of its popularity. And in some cases you could even see who had read the book
before you, which might tell you something about how likely you might enjoy
it.

That was an "age of
innocence " in our use of libraries; a time when no one thught that reading
a library book could be controversial. In the decades that followed we found
out otherwise.

Library use by individuals
has come to the attention of government, of law enforcement, of morality crusaders,
and of marketers. We'll come back to that latter one in a minute.

Freedom to Read

It was in the 70's that
there was a government program to use libraries as "watchdogs" for
suspicious reading. The library world, fortunately, reacted in horror. The American
Library Association created strong policies for the protection of the privacy
and confidentiality of patrons. Privacy is now a basic user right, and is stated
in the Library Bill of Rights.

The privacy of library use
is also the specific subject of laws in all but a small number of our states,
and is covered by some laws in every state. These laws were enacted for the
most part two to three decades ago, and it is the case that they are aging.
Many of them refer to the "circulation of library materials" as the
focus of the privacy legislation. None that I know of mention newer technologies
such as the Internet. But these laws and their intended spirit serve as a legal
framework within which libraries act. So the protection of user privacy is not
just a good idea -- it is indeed the law.

Why is reader privacy so
important? Some of our most basic freedoms are stated in the First Amendment:
the right of free speech and the freedom of a broad concept that is stated in
the First Amendment as "the press." A free press would have little
effect on freedom of the citizenry if those very citizens were afraid to be
caught reading. In other words, all of us have to have the same level of freedom
to read, and to explore ideas, as we have to speak and publish our ideas. These
are clearly two sides of the same coin, although the Bill of Rights takes the
"listening" part of free speech for granted.

Libraries call this particular
privacy goal the "Freedom to Read," although it means more than that.
Freedom to Read really means the freedom to explore ideas. Libraries, as the
reading room of our civilization, have a key role in making those ideas available
to all. To do so, they must be able to assure their users that their library
use will not lead to intimidation or harrassment, much less arrest or confinement.

Yet actually protecting
the privacy of users is not an easy task.

The Practicalities

Those cards in the pockets
of the books are gone. So is the card catalog. In fact, the whole library operation
has been computerized. Computers allow libraries, as they allow other organizations,
to do more things faster.

They also tend to create
records; records of every tiny transaction; records that are often invisible
even to those who work in the library but that might be found by someone who
is motivated to look for them. Computers create records of activities that used
to go unrecorded: you take a book off the shelf, browse a few pages, put it
back -- no record exists. But if you browse digital materials through a computer
at the library, a record, albeit skimpy, is made.

So although we have laws
that state that the use of library materials will be kept confidential, implementing
those laws is another matter. In some areas, libraries have made modifications
to their computer systems, or vendors have done so for them. When you check
out a book from a library, there is a record that shows that you have that book.
But when you bring it back, that record is removed. There is no list of all
of the books that you have checked out, nor is there a list linked to the book
of all the people who have take it home. On the Internet stations of most libraries,
when a user finishes a session and closes the web browser all of the cache and
history entries that have been stored on the hard drive during that session
are erased. That way the next person who uses the machine cannot see a list
of sites that the previous person visited.

But that's not nearly enough
if we want to protect patron privacy. Other records like web logs and various
system logs also exist. In our need to keep up with technology, libraries have
automated functions without looking deeply into the privacy implications. For
this reason, many libraries today are undertaking what we call a "privacy
audit," to try to assess what technology has done to our ability to support
the Freedom to Read, and how we can work better within our technological environment
to give people the assurances they deserve.

Publishers and Publishing

So what does all this have
to do with publishers and publishing?

There's a real dilemma today
with libraries and digital materials. Libraries license digital materials on
behalf of their users. Unlike hard copy materials, however, the library does
not take possession of these materials in most cases. Instead the materials
are housed at a side owned by a publisher or vendor, and users actually exit
the library (electronically) to use the materials. The library's role is financial
but not actual in that the library does not handle the access to the materials
or the user interface that their patrons interact with.

So the question is (and
I do not know the answer): does the legal obligation to protect the privacy
of library patrons still maintain? I can say that librarians assume that it
does and act as if it does. Therefore contracts with libraries should, and these
days usually do, contain an agreement on confidentiality of use, often stating
that the vendor cannot make any unauthorized use of identifying information.

This obligation to protect
the identity of users is not always an easy one to live up to. Many systems
today allow users to create personal profiles, to email results to themselves,
to interact with other systems such as interlibrary loan. All of these potentially
gather personally identifiable information about the user and therefore could
violate the privacy agreement if accessed by unauthorized parties.

Protecting the confidentiality
of users requires more effort than not, and therefore it has a cost associated
with it. I'm afraid that librarians don't always give vendors credit for the
cost of their efforts on behalf of our users, and we need to do some consciousness-raising
around that issue.

The other side of that coin
is the desire that some vendors or publishers might have to market to library
patrons. This is undoubtedly tempting because libraries are a teeming hive of
active readers. Not only are libraries full of readers, the library itself provides
guidance to those readers, teaches non-readers to read, and actually does training
and tech support for new reading technologies. A mailing list of everyone who
uses the library or everyone who has checked out an ebook could be valuable
for reaching new customers. Unfortunaly, no can do.

What we can do, and are
very much interested in collaborating on, is to learn how ebooks meet the needs
of our users in ways that do not violate our privacy obligations. We welcome
the use of aggregate data to help us -- and you -- provide a better user experience.
As a matter of fact, libraries often insist on statistical reporting
as part of the ebook package the vendor provides. Good reporting is especially
important in these early days of ebook technology, and reports that we have
received have often astounded as well as informed us.

Librarians know a great deal about how people read and how they interact
with reading materials thanks to their daily direct contact with library users. I encourage
you to take part in what I like to call the "take a librarian to lunch"
program. You
will find us willing to share that information with you. Some ebook products have been
radically redesigned because company representatives talked to and listen to
librarians. And, of course, it's so much more pleasant over lunch.

Conclusion

So admittedly the privacy
practices of libraries are at the least an inconvenience to companies -- and
at the worst may look like a lost business opportunity.

We hope that we make up
for that by being in the singular position of encouraging people to read, promoting
reading materials in a variety of formats, and being steady customers for published
materials. Like you, we want to explore positive directions for the future of
reading.